Increase max ICMP ping size
-
I did a search for "increase max ping/ICMP size" but didn't come up with any answers.
I use to have an Astaro to strongSWAN IPSec tunnel. Now have an Astaro to pfsense IPSec tunnel and the following problem came up.
I need to be able to do "large" pings(2048) over my VPN due to the way some Microsoft junk works.
thanks in advance
C:\Program Files\Support Tools>ping 192.168.5.1 -l 1024
Pinging 192.168.5.1 with 1024 bytes of data:
Reply from 192.168.5.1: bytes=1024 time=89ms TTL=63
Reply from 192.168.5.1: bytes=1024 time=90ms TTL=63
Reply from 192.168.5.1: bytes=1024 time=90ms TTL=63
Reply from 192.168.5.1: bytes=1024 time=90ms TTL=63Ping statistics for 192.168.5.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 89ms, Maximum = 90ms, Average = 89ms
C:\Program Files\Support Tools>ping 192.168.5.1 -l 2048Pinging 192.168.5.1 with 2048 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.Ping statistics for 192.168.5.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),and strongSWAN
C:\Program Files\Support Tools>ping 192.168.20.1 -l 2048
Pinging 192.168.20.1 with 2048 bytes of data:
Reply from 192.168.20.1: bytes=2048 time=20ms TTL=63
Reply from 192.168.20.1: bytes=2048 time=37ms TTL=63
Reply from 192.168.20.1: bytes=2048 time=22ms TTL=63
Reply from 192.168.20.1: bytes=2048 time=35ms TTL=63Ping statistics for 192.168.20.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 37ms, Average = 28ms -
$10 paid (paypal) to who ever can give me a definite answer.
-
keep your money and buy ice for the kids..
If you experience packet loss only when using specific protocols (SMB, RDP, etc), you may need to reduce your WAN MTU. IPsec does not handle fragmented packets very well, and a reduced MTU will ensure that the packets traversing the tunnel are all of a size which can be transmitted whole. A good starting point would be 1300, and if that works, slowly increase the MTU until you find the breaking point, then back off a little from there.
from doc.pfsense.orghttp://doc.pfsense.org/index.php/IPsec_Troubleshooting#Packet_Loss_with_Certain_Protocols
-
Well how is it that I can ping well over ethernet's 1500 MTU with a strongSWAN–strongSWAN IPSec tunnel?
seank@mob-sean:/work/workspaceCDT/FreeEMS/freeems-vanilla$ ping -s 8000 192.168.20.1
PING 192.168.20.1 (192.168.20.1) 8000(8028) bytes of data.
8008 bytes from 192.168.20.1: icmp_seq=1 ttl=63 time=58.1 ms
8008 bytes from 192.168.20.1: icmp_seq=2 ttl=63 time=44.3 ms
8008 bytes from 192.168.20.1: icmp_seq=3 ttl=63 time=30.9 ms
8008 bytes from 192.168.20.1: icmp_seq=4 ttl=63 time=31.1 ms
8008 bytes from 192.168.20.1: icmp_seq=5 ttl=63 time=28.6 ms
^C
--- 192.168.20.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 28.623/38.642/58.148/11.205 ms
seank@mob-sean:/work/workspaceCDT/FreeEMS/freeems-vanilla$ ping -s 8000 192.168.5.1
PING 192.168.5.1 (192.168.5.1) 8000(8028) bytes of data.
^C
--- 192.168.5.1 ping statistics ---
19 packets transmitted, 0 received, 100% packet loss, time 18142ms
?
Thx!
Sean